preserve GCS credentials on update if not set

credentials were not preserved if "prefer_database_credentials" was
set to true

Fixes #613
Nicola Murino 2021-11-15 19:12:58 +01:00
parent e29a3efd39
commit 52f3a98cc8
No known key found for this signature in database
GPG key ID: 2F1FB59433D5A8CB
5 changed files with 21 additions and 6 deletions

2
go.mod

@ -128,7 +128,7 @@ require (
golang.org/x/text v0.3.7 // indirect
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20211112145013-271947fe86fd // indirect
google.golang.org/genproto v0.0.0-20211115160612-a5da7257a6f7 // indirect
gopkg.in/ini.v1 v1.64.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect

4
go.sum

@ -1190,8 +1190,8 @@ google.golang.org/genproto v0.0.0-20210917145530-b395a37504d4/go.mod h1:eFjDcFEc
google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/genproto v0.0.0-20211016002631-37fc39342514/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/genproto v0.0.0-20211112145013-271947fe86fd h1:8jqRgiTTWyKMDOM2AvhjA5dZLBSKXg1yFupPRBV/4fQ=
google.golang.org/genproto v0.0.0-20211112145013-271947fe86fd/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/genproto v0.0.0-20211115160612-a5da7257a6f7 h1:0LoCYJF53PEqtJOntKxGD72X/c8Xto5EZ4HLrt9D80I=
google.golang.org/genproto v0.0.0-20211115160612-a5da7257a6f7/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=


@ -245,7 +245,9 @@ func updateEncryptedSecrets(fsConfig *vfs.Filesystem, currentS3AccessSecret, cur
fsConfig.AzBlobConfig.SASURL = currentAzSASUrl
}
case sdk.GCSFilesystemProvider:
if fsConfig.GCSConfig.Credentials.IsNotPlainAndNotEmpty() {
// for GCS credentials will be cleared if we enable automatic credentials
// so keep the old credentials here if no new credentials are provided
if !fsConfig.GCSConfig.Credentials.IsPlain() {
fsConfig.GCSConfig.Credentials = currentGCSCredentials
}
case sdk.CryptedFilesystemProvider:
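Review bot: The new condition `!fsConfig.GCSConfig.Credentials.IsPlain()` treats an empty secret as "keep the stored key", so an update can no longer drop stored GCS credentials by sending an empty value. The added comment implies that enabling automatic credentials is the remaining way to clear them, which only holds if validation runs after `updateEncryptedSecrets`; that ordering is not visible in this hunk. I would say so in the comment, e.g. `// an empty secret means "unchanged": the stored key is only dropped when automatic credentials are enabled`. `updateEncryptedSecrets` starts before this hunk and continues after it.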


@ -2802,6 +2802,19 @@ func TestUserHiddenFields(t *testing.T) {
assert.Empty(t, user5.FsConfig.SFTPConfig.PrivateKey.GetKey())
assert.Empty(t, user5.FsConfig.SFTPConfig.PrivateKey.GetAdditionalData())
// update the GCS user and check that the credentials are preserved
user2.FsConfig.GCSConfig.Credentials = kms.NewEmptySecret()
_, _, err = httpdtest.UpdateUser(user2, http.StatusOK, "")
assert.NoError(t, err)
user2, _, err = httpdtest.GetUserByUsername(user2.Username, http.StatusOK)
assert.NoError(t, err)
assert.Empty(t, user2.Password)
assert.Empty(t, user2.FsConfig.GCSConfig.Credentials.GetKey())
assert.Empty(t, user2.FsConfig.GCSConfig.Credentials.GetAdditionalData())
assert.NotEmpty(t, user2.FsConfig.GCSConfig.Credentials.GetStatus())
assert.NotEmpty(t, user2.FsConfig.GCSConfig.Credentials.GetPayload())
_, err = httpdtest.RemoveUser(user1, http.StatusOK)
assert.NoError(t, err)
_, err = httpdtest.RemoveUser(user2, http.StatusOK)
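Review bot: The added assertions only check that the GCS secret's status and payload are non-empty after the update, so they would also pass if the server had stored a different secret rather than the original one. To pin preservation, record the payload before the credentials are reset with `oldPayload := user2.FsConfig.GCSConfig.Credentials.GetPayload()` and compare after the fetch with `assert.Equal(t, oldPayload, user2.FsConfig.GCSConfig.Credentials.GetPayload())`. This assumes `user2` already holds the server-returned secret at that point, which is set up outside the hunk. `TestUserHiddenFields` begins and ends outside the hunk.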


@ -311,7 +311,7 @@ func (c *GCSFsConfig) isEqual(other *GCSFsConfig) bool {
// Validate returns an error if the configuration is not valid
func (c *GCSFsConfig) Validate(credentialsFilePath string) error {
if c.Credentials == nil {
if c.Credentials == nil || c.AutomaticCredentials == 1 {
c.Credentials = kms.NewEmptySecret()
}
if c.Bucket == "" {
@ -329,7 +329,7 @@ func (c *GCSFsConfig) Validate(credentialsFilePath string) error {
if c.Credentials.IsEncrypted() && !c.Credentials.IsValid() {
return errors.New("invalid encrypted credentials")
}
if !c.Credentials.IsValidInput() && c.AutomaticCredentials == 0 {
if c.AutomaticCredentials == 0 && !c.Credentials.IsValidInput() {
fi, err := os.Stat(credentialsFilePath)
if err != nil {
return fmt.Errorf("invalid credentials %v", err)
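Review bot: In `Validate`, the first changed condition clears the credentials only when `c.AutomaticCredentials == 1`, while the second skips credential validation for any value other than 0. If the field can hold a value outside 0 and 1 (its type and range checks are not visible here), such a config keeps the supplied secret and never reaches `IsValidInput()`. Using one predicate for both branches, e.g. `if c.Credentials == nil || c.AutomaticCredentials != 0 {`, or rejecting other values up front, would close that gap. Since `Validate` now replaces caller-supplied credentials, its doc comment could also say that it may modify the receiver. The function body continues outside both hunks.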